<?php
//session_start();
$conn = @mysql_connect('localhost', 'root', '') or die(mysql_error());
    mysql_select_db("mydb") or die(mysql_error());
//include ('functions.php');
 $confid = intval($_GET['conference_id']);
 $paperID = intval($_GET['paper_id']);

print "<h1>Request additional Reviewers for Meta-Review</h1><br> <a href='InviteReviewers.php?conference_id={$confid}'>Invite Non-Users</a>";
function sendRequest($requestUserID,$request_text,$confid)
   {
    session_start();
    if (isset($_SESSION['member_id'])) {  // checks that the current user id is passed in the session
        $member_id = $_SESSION['member_id']; // saves its value in $currentUserID


   // $member_id = 1;
    $members = $_POST['Members']; // // save the array of members returned from the check boxes
     for ($i=0; $i<count($_POST['Members']); $i++){
    $requestUserID = $members[$i];
    $R = 'R';
    $get_member_name = mysql_query("SELECT first_name, last_name FROM member, member_request_member WHERE member_id = member_id2 AND
            member_id2 ='$requestUserID'") or die ('no name'.mysql_error());
    $row = mysql_fetch_assoc($get_member_name);
    $first_name = $row['first_name'];
    $last_name = $row['last_name'];

    $occurence_check =  mysql_query("SELECT member_id2,conference_id,type FROM member_request_member WHERE member_id2='$requestUserID'
            AND conference_id ='$confid' AND type= '$R'")
            or die(mysql_error());

    if (!mysql_num_rows($occurence_check)){
    $get_last_id = mysql_query ("INSERT INTO request(request) VALUES ('$request_text')") or die ('can not insert request'.mysql_error()); //insert the request message into the table request
    if ($get_last_id) {
    $last_id = mysql_insert_id();
    //echo $last_id;
    }
    mysql_query ("INSERT INTO member_Request_member(member_id1,member_id2,conference_id,request_id,type)
     VALUES('$member_id','$requestUserID','$confid','$last_id','$R')") // insert the request details in member_request_member
            or die(mysql_error());
    echo "Your request(s) has been successfully sent!"; ?> <br> <?
     }
     else {

         $error_message = ''."$first_name".' '."$last_name".' has already been invited to review in the conference before!'; ?> <br> <?
         echo $error_message;
     }
     }
    }
//  if( isset($members) && is_array($members)) { // loop on the array, and separate each name by a comma, to be able to send an e-mail to each member independantly
//   implode(",", $members);
//  foreach ($members as $recieverEmail)
//   {
//    $row = mysqli_fetch_assoc($recieverEmail); // send a request via e-mail
//    $subject = 'Confo Request';
//    $message= <<<EMAIL
//ConfO is asking you to become a member in the review committe.
//For more details, please review this request in the requests section on your account.
//
//Thank you.
//EMAIL;
//            $from = 'info.confo@gmail.com';
//            $headers = "From:" . $from;
//            mail($recieverEmail, $subject, $message,$headers);
//   }
//  }


     else {echo"this action can not be performed!";}
 }

 if (isset($_POST['Send'])) {
    if (isset($_POST['Members'])) {
        $get_conference_id= mysql_query("SELECT long_name from conference where conference_id ='$confid'") or die(mysql_error());
        $row = mysql_fetch_assoc($get_conference_id);
        $conference_name = $row['long_name'];
        $request_text = 'ConfO would like to request your reviewing services in the '."$conference_name".' conference.
        You can review the conference details in the conference page.';
        sendRequest($_POST['Members'], $request_text, $confid);
    } else {

        echo "you have to select atleast one member!";
    }
}

retrieveMembers($confid, $paperID);
function retrieveMembers($confid, $paperID) {

//$confid = 1;
$result = mysql_query("SELECT DISTINCT m.member_id,first_name,last_name,email,role
FROM privileges p INNER JOIN member_privileges mp
ON  p.privileges_id = mp.privileges_id JOIN member m
ON m.member_id = mp.member_id JOIN assigned_papers a
ON mp.member_id NOT IN (SELECT ap.member_id
        FROM assigned_papers ap
        WHERE ap.paper_id = '$paperID'
        AND ap.conference_id = '$confid')
        WHERE role NOT LIKE '%organizer%' AND a.conference_id = '$confid'") or die('here1'.mysql_error()); // returns al members who are not reviewers in the current conference

    //$row = mysqli_fetch_assoc($result);

    print "<table width=500 border=1>\n";
    print "<tr>\n";
    print "<th>&nbsp; </th>\n";
    print "<th><width=\"0%\" height=\"0\" style=\"display:none\" value=\"Member ID\"</th>\n";
    print "<th> First Name </th>\n";
    print "<th> Last Name </th>\n";
    print "<th> e-mail </th>\n";
    print "<th> Role </th>\n";
    print "</tr>\n";

    if (!mysql_num_rows($result)) { // check if the query returned output or not
        echo "no members to invite!!";
    } else {
        while ($row = mysql_fetch_assoc($result)) {
?>
                        <form method="post" action="" onsubmit="return isChecked()">
                <?php
                print "<tr>\n";
                print "<td><input type=\"checkbox\" name=\"Members[]\" value=\"{$row['member_id']}\"></td>\n";
                echo "<td><width=\"0%\" height=\"0\" style=\"display:none\" value=\"\"</td>\n";
                echo "<td>{$row['first_name']}</td>\n"; // print names
                echo "<td>{$row['last_name']}</td>\n";
                echo "<td>{$row['email']}</td>\n"; // print emails
                echo "<td>{$row['role']}</td>\n"; // print roles
                echo "</tr>\n";

        }
        print "</table>\n";
    }
}
   ?>
<html>
<head>
    <meta http-equiv="X-UA-Compatible" content="IE=9" />
<title>Invite Reviewers</title>
</head>
<tr><td><input type="submit" name="Send" value="Invite Reviewers"></td></tr>
    <br>
    </form>
    </html>